Equifax may have been hacked again (updated)

When Equifax’s interim CEO penned a letter of apology in The Wall Street Journal, he admitted that it will take a lot of effort to regain people’s trust. Unfortunately, the company still seems to be lacking when it comes to security, because according to Ars Technica, it’s been hacked yet again. Independent security analyst Randy Abrams told Ars that he was redirected to hxxp:centerbluray.info and was met with a Flash download when he went to equifax.com to contest false information on his credit report. The fake Flash installer apparently tricks people into downloading what Symantec identifies as Adware.Eorezo, adware that inundates Internet Explorer with advertisements.

Unfortunately, we can’t replicate the problem, but Abrams said he encountered the issue on three separate visits and captured one of them on video. We reached out to Equifax to ask whether the company has already cleaned up the adware downloader. To be safe, though, don’t click on any random Flash installer that pops up when you visit the agency’s website in the near future.

Update: Equifax says its IT and security teams are looking into the issue, but while the investigation is in progress, the page has been taken offline. The company plans to share more information as it becomes available.

Source: Ars Technica

About Ken May

Kenneth May is a certified cybersecurity professional. He and his team offer services such as Advanced Vulnerability Assessments, Network Penetration Testing, Web Application Penetration Testing, and a wide array of compliance services covering HIPAA, PCI, and the various NIST & DOD requirements. Ken is a Community mentor for SANS, the largest Cybersecurity certification preparation company in the world, and carries both the GSEC and GPEN (Certified Ethical Hacker and Penetration Tester) certifications. He has recently been accepted into the FBI’s Infragard program, as a recognized protector of critical national infrastructure. This program gives him deep access to information and resources to protect his clients.